Minimal patch for pip

diff -rU3 pip-22.3.1-orig/src/pip/_internal/utils/unpacking.py pip-22.3.1/src/pip/_internal/utils/unpacking.py
--- a/pip/utils/__init__.py	2022-11-05 16:25:43.000000000 +0100
+++ b/pip/utils/__init__.py	2023-08-08 13:17:47.705613554 +0200
@@ -559,6 +559,13 @@
             if leading:
                 fn = split_leading_dir(fn)[1]
             path = os.path.join(location, fn)
+
+            # Call the `data` filter for its side effect (raising exception)
+            try:
+                tarfile.data_filter(member.replace(name=fn), location)
+            except tarfile.LinkOutsideDestinationError:
+                pass
+
             if member.isdir():
                 ensure_dir(path)
             elif member.issym():


Patch for vendored distlib from https://github.com/pypa/distlib/pull/201

diff --git a/distlib/util.py b/distlib/util.py
index e0622e4..4349d0b 100644
--- a/pip/_vendor/distlib/util.py
+++ b/pip/_vendor/distlib/util.py
@@ -1249,6 +1249,19 @@ def check_path(path):
             for tarinfo in archive.getmembers():
                 if not isinstance(tarinfo.name, text_type):
                     tarinfo.name = tarinfo.name.decode('utf-8')
+
+        # Limit extraction of dangerous items, if this Python
+        # allows it easily. If not, just trust the input.
+        # See: https://docs.python.org/3/library/tarfile.html#extraction-filters
+        def extraction_filter(member, path):
+            """Run tarfile.tar_fillter, but raise the expected ValueError"""
+            # This is only called if the current Python has tarfile filters
+            try:
+                return tarfile.tar_filter(member, path)
+            except tarfile.FilterError as exc:
+                raise ValueError(str(exc))
+        archive.extraction_filter = extraction_filter
+
         archive.extractall(dest_dir)
 
     finally: